Empowering Application Security Protection in the World of DevOps

How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Whether it’s containers like Docker or the increasing mix of custom and open source code, development teams are aware of the shifting security challenges they face. However, they're not security experts and do not have spare time to learn new tools.

What can development teams do to keep pace with rapidly evolving application security threats?

The answer lies in automation. By making application security part of the continuous build processes, organizations can protect against these major risks.

Join IBM and Black Duck for our latest webinar on best practices for application security in DevOps. You’ll learn:

• New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments.
• Best practices for designing and incorporating an automated approach to application security into your existing development environment.
• Future development and application security challenges organizations will face and what they can do to prepare.

Application security broke new ground in 2016. The shift to DevOps has driven the need for new technologies and different levels of integration across the development ecosystem. The focus is on pulling all your organization’s technologies together and bringing in products that easily and seamlessly fit into any environment, thereby further automating security while maintaining development agility. These enhancements deliver a more complete view of application-security health, making it possible to assess Static, Dynamic, Interactive and Open Source security in a single view.

Advancements have been made, but as we’ve learned, application security is ever-changing. New technology trends – container adoption, IoT, for example – mean new security considerations, and AppSec innovation must continue in 2017.

In this webinar presented by experts from HPE Security Fortify and Black Duck, you'll learn about:

- The major AppSec advancements in 2016 and their impact on software security health
- New ways AppSec will evolve in the coming year, including the areas of remediation improvement and cloud integration, DevOps, and Continuous Integration
- A checklist of AppSec best practices for your 2017 toolbox

Despite open source software's long history - Linux just turned 25 - legal and risk questions about open source use still abound. Black Duck On-Demand Vice President & General Manager Phil Odence regularly fields open source-related questions as he speaks with tech executives and their counsel. Listen in as Phil goes through some of the most frequently asked questions and gets expert answers from Attorneys Karen Copenhaver and Mark Radcliffe. Both are well versed in the legal nuances of open source, and are able to turn their expertise into practical, actionable advice as they ably demonstrate in this webinar.

During our next customer webinar, we’ll share expert tips and best practices on how to extract maximum value from the latest features available in Black Duck Hub. The new integrations and features help improve both open source security and compliance. You’ll learn how to:

• Track remediation tasks using the new Hub-Jira integration
• Leverage new open source discovery techniques for Ruby Gems and Node.js as well as build integrations for Maven/Gradle to improve the accuracy of your open source inventory
• Customize your notices file so that all open source is properly attributed
• Leverage the new Hub-Email Extension to push notifications via email
• Incorporate Hub scanning into your Jenkins pipeline projects

Open source software is the foundation for application development today and its use is growing rapidly worldwide because of the development cost reductions and innovation it enables. Black Duck discovers open source in every application it analyzes and finds that 35% of the average commercial software application is open source. Home-grown applications typically contain 50% or more open source.

The dramatic growth in open source use has been accompanied by an array of security and management challenges related to a lack of visibility into and control of the open source in use. Leading organizations are aggressively pursuing ways to continue to increase their use of open source and do so without compromising effective security or management.

This webinar will present findings from Black Duck's Center for Open Source Research examining open source use, risks, and benefits. Black Duck CMO Bob Canaway will discuss the latest open source threats, usage patterns, governance, and the changing security and management needs as open source expands across the cloud, the Internet of Things, and the digital landscape.

Open source risk is a significant issue for both buyers and sellers in M&A transactions. Although open source comprises 30-50% of the code in an average application, results from Black Duck open source audits are eye-opening: sellers rarely know what open source they’re using and there are often serious risks associated with open source components in code assets.

In this webinar, Jim Markwith, a technology attorney who handles complex IP licensing transactions, and has been involved in scores of M&A deals, will discuss the top five open source issues that impact transactions. He will provide in-depth descriptions of the challenges encountered and their impact on the transaction, punctuating the presentation with insightful stories from the M&A trenches.

Businesses and governments worldwide increasingly rely on open source software to reduce development costs, get to market faster, and innovate. Despite its ubiquity, there are many management and security challenges that have accompanied the explosive growth in open source usage. Most organizations don’t know how much open source is in their applications or where it is in their code base. There is considerable confusion and misinformation about what strategies and tools are needed to identify known open source vulnerabilities in the application code and assure the secure use of open source.

Please join Black Duck's VP of Security Strategy Mike Pittenger as he unpacks the common myths and misperceptions surrounding open source use, and learn best practices to secure and manage your open source, reduce risk from security vulnerabilities and increase efficiency within your SDLC.

Container usage in production environments is becoming commonplace, increasing the need to design for security and develop security response processes. Doing so starts with a clear understanding of what software is running in the datacenter.

This Container Security Master Class looks at how datacenter operations trends are combining to promote secure container deployments. Although these trends have the potential to abate risk, without a clear understanding of the applications and their dependencies, if a successful attack does occur, the scope of compromise can inadvertently increase.

Open source has been adopted by organizations across all industries, including software, systems, and cloud services. How much open source is used, along with the license, security, and operational risks posed by unmanaged use of open source, is a question M&A professionals need to consider in every transaction.
This webinar will provide insight from real world data abstracted from Black Duck M&A audits. The data covers hundreds of systems and commercial applications, the code assets of recent acquisition targets, and will illuminate why acquirers should understand exactly what is in the code base before closing the deal. Data will include:
- The composition of open source v. proprietary code in the average code base
- The gap between the number of open source components used vs. what was known by the target
- The prevalence of components using licenses that could put IP at risk
- Number and age of security vulnerabilities in the open source components
- An understanding of which components have underactive support communities

Yes, it’s possible to automate open source security and license compliance processes and maintain DevOps agility. In this webinar, Product Manager Utsav Sanghani will demonstrate how Black Duck Hub plugs into Jenkins to address open source license compliance and security risks as part of an overall release process. He will cover:
- Automating and managing open source security as part of the SDLC
- Defining and implementing custom policies that prevent potential open source risks
- Issue management and remediation workflow, with ideas on how going left translates into greater savings

This webinar will examine the implications of recent open source compliance and litigation. It will touch on a series of Linux-related cases as well as stepped up compliance activity in Germany and current patent suits against Apache projects. The new litigation will be discussed in the context of prior similar cases such as the Versata-Ameriprise case. Additionally, the webinar will overview compliance best practices and how to reduce the risk of open source compliance and litigation.

Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.

The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.

In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
• Why container environments present new application security challenges, including those posed by ever-increasing open source use.
• How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
• Best practices and methodologies for deploying secure containers with trust and confidence.

Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security.

Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code.

In this webinar by Cigital and Black Duck security experts, you’ll learn:

- The current state of application security management within the Software Development Lifecycle (SDLC)
- New security considerations organizations face in testing applications that combine open source and in-house written software.
- Steps you can take to automate and manage open source security as part of application development

To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.

Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things.

While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers.

Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about:

• The evolving DevOps and software security assurance lifecycle in the age of open source
• The software security considerations CISOs, security, and development teams must address when using open source
• An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.

Join us for our next customer webinar where we’ll share expert tips and best practices on how to extract maximum value from your Black Duck Hub implementation through automation.

Even before you scan your first line of code, Black Duck Hub brings value to your organization. This includes the ability to define strategies around users and user roles, project and policy management in order to simplify and streamline your organization’s open source security management. You’ll also learn how to integrate Hub and its security features more tightly into your continuous code development and DevOps ecosystem to bring you from a simple, reactive scanning approach to a more mature, automated one for managing open source use across your organization.

You Will Learn
• How to architect the right user, project, and policy management for maximum impact.
• Ways to incorporate Hub scanning into your continuous code development and DevOps lifecycle.
• Leveraging Black Duck Hub integrations with DAST/SAST security testing tools for enhanced application security.
• Best practices for interpreting your Hub scanning results and establishing a triage policy to deal with open source issues that need remediation.
• Ways to leverage the built-in and third-party resources to speed up the remediation process.
• How Black Duck Hub can help you move from a reactive approach to open source management to an automated one.

Following the demonstration, we’ll leave plenty of time for you to ask our product experts questions.

Recent Black Duck On-Demand security audits of 200 commercial applications confirm the importance of open source in application development, but also highlight the persistent challenges organizations face in effectively securing and managing their open source. Black Duck’s Open Source Security Audit Report reveals that on average the applications contained more than twice as much open source as the organizations thought, and that 67% of the audited applications contained known open source vulnerabilities.
In this 30-minute webinar, Black Duck VP of Security Strategy Mike Pittenger will review the audit findings and discuss strategies companies can use to minimize security risk while maximizing the economic and productivity value open source provides.

Open source-savvy lawyers have long advised their clients on managing risk by attending to compliance processes. But, insight into the open source and other third party code used in a code base is also critical to managing security risks.

Join Phil Odence, Vice President and General Manager at Black Duck Software, as he moderates a panel on the strategies you should have in place to manage the security of open source components in applications and containers.

DLA Piper security expert Peter McLaughlin will discuss the legal underpinnings of cyber security. David A. Wheeler, security research expert for the Institute for Defense Analyses (IDA), will explore the Linux Foundation's Core Infrastructure Initiative to ensure the security of open source projects.

The recent high-profile “Panama Papers” exploit, which resulted in the theft of 2.6 terabytes of data from the Mossack Fonseca law firm, highlighted the firm’s failure to effectively secure and manage its open source software.
Although the exploited component has yet to be pinpointed, the breach investigation has revealed that Mossack Fonseca was delinquent in patching known open source vulnerabilities in both Drupal and WordPress. This lapse exposed sensitive client information.
Open source software is an essential element in application development today and this breach raises the question: What are the best practices for securing and managing open source to avoid exploitation? This webcast will detail the processes organizations can implement to secure and manage their open source to reduce risk from security vulnerabilities.

All regulatory requirements (HIPAA, PCI, etc.) include a mandate for assessing vulnerabilities in systems that manage or store sensitive data. Organizations often opt to conduct vulnerability assessments on an annual, quarterly, or even monthly basis. But while vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization’s attack surface: known vulnerabilities in applications that are built in-house. These applications will not have public updates, nor will the thousands of open source components they utilize be included in public disclosures. This is concerning because over 6,000 vulnerabilities in open source projects have been reported since 2014. Register for this webinar to discover how to protect yourself.

• New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices.
• Best practices for designing and incorporating an automated approach to application security into your existing development environment.
• Future development and application security challenges organizations will face and what they can do to prepare.